> Last I looked seccomp still had a hardcoded list of system calls, but> perhaps I've been looking in the wrong place. However, since that's> exactly what seccomp is -- a system call filter -- this can, and should,> be unified that way.

Yes, we should definitely look at incorporating this into seccomp v2, which is still under discussion (and a topic at KS).